Spock : a software-based RISC-V TEE

Day 1 | 13:35 | 00:20 | K.4.401 | jip helsen


Note: I'm reworking this at the moment, some things won't work.

The stream isn't available yet! Check back at 13:35.
Get involved in the conversation!Join the chat

Securing embedded devices, particularly those with minimal resources, presents a unique and pressing challenge. Conventional approaches to Trusted Execution Environments (TEEs) often require specialized hardware or substantial system resources, leaving low-end devices vulnerable to breaches. The need for a lightweight, efficient solution that bridges this gap is greater than ever in today’s interconnected world.

Introducing Spock

Through the development of Spock, we have created a versatile and efficient Trusted Execution Environment (TEE) tailored for RISC-V embedded devices. By relying solely on Physical Memory Protection (PMP) for isolation and requiring only machine and user modes as specified in the RISC-V privileged instruction set, Spock delivers robust security without relying on any specialized hardware.

At the core of Spock’s architecture is the Security Manager (SM), which plays a key role in managing enclave data and buffer permissions. The SM enables Spock to efficiently virtualize buffers and dynamically allocate PMP entries, providing a flexible and scalable approach to memory isolation. By leveraging this abstraction, Spock can create virtual enclaves that surpass hardware-imposed limitations, such as the number of PMP entries.

Core Features and Capabilities

Spock’s minimalist API design delivers essential security functions, including secure execution and attestation. This design supports:

  • Virtualization of critical operations while maintaining a minimal Trusted Computing Base (TCB).
  • Integration into very low resource embedded devices.
  • Both relocatable and fixed enclaves, offering flexibility for diverse use cases.

Why Spock Matters

Spock’s design represents a modern, efficient solution for secure computing in low-resource embedded devices. Its ability to combine robust security with minimal hardware requirements makes it uniquely suited for the demands of today’s connected world, ensuring that even the smallest devices can operate securely.

Available at : https://github.com/jiphelsen/Spock